Hello,

I have a question regarding the possibility of using MITM attacks to change repository contents/the validity of signed objects and router certificates.

Every CA instance has a corresponding CRL and Manifest. The CRL contains certificates which are revoked and the Manifest contains just Signed Objects.

Because of the rsync protocol, a MITM attack between RP and repository is possible. If the attacker withholds ...

... a signed object, the RP software would recognize it by checking the manifest.

... an EE certificate, the RP software would recognize it, because the corresponding signed object can't be validated.

... a manifest/CRL, the RP software would recognize it, because every CA instance has to have a manifest and a CRL.

... a CA certificate and all files underneath that certificate, the RP software WOULDN'T recognize anything. So the whole structure underneath that certificate would be invalid.

... a Router certificate, the RP WOULDN'T recognize it, because it isn't listed in any other file.

Recognize means recognizing the missing file, not necessarily the attack. It could also be a mistake/bug/etc.

Are the described cases right or did I miss something? Would be great to get feedback.

Kind regards

Demian Rosenkranz

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
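
The manifest comparison the message refers to, as an added example that is not part of the original post or of any RP implementation. It assumes the manifest was already validated and parsed into file name to SHA-256 digest pairs; the file names, contents and the `fetch` helper are constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_publication_point(file_list, fetched):
    """Compare fetched files with a manifest file list.

    file_list: name -> SHA-256 hex digest from an already validated manifest,
               or None if no manifest could be retrieved.
    fetched:   name -> bytes actually received from the repository.
    """
    if file_list is None:
        # No manifest: completeness of this publication point cannot be checked.
        return {"manifest_missing": True, "missing": [], "mismatch": [],
                "unlisted": sorted(fetched)}
    report = {"manifest_missing": False, "missing": [], "mismatch": [], "unlisted": []}
    for name in sorted(file_list):
        if name not in fetched:
            report["missing"].append(name)    # withheld, or a publication error
        elif sha256_hex(fetched[name]) != file_list[name]:
            report["mismatch"].append(name)   # replaced, stale or corrupted
    # Files no manifest entry names: their absence would go unnoticed.
    report["unlisted"] = sorted(set(fetched) - set(file_list))
    return report

# Constructed sample publication point (names and contents are made up).
PUBLISHED = {
    "ca.crl": b"constructed CRL bytes",
    "as64496.roa": b"constructed ROA bytes",
    "as64511.roa": b"another constructed ROA",
}
FILE_LIST = {name: sha256_hex(data) for name, data in PUBLISHED.items()}

def fetch(withhold=(), replace=None):
    """Simulate the RP's view when files are dropped or swapped in transit."""
    view = {n: d for n, d in PUBLISHED.items() if n not in withhold}
    view.update(replace or {})
    return view

if __name__ == "__main__":
    print(check_publication_point(FILE_LIST, fetch()))
    print(check_publication_point(FILE_LIST, fetch(withhold={"as64496.roa"})))
    print(check_publication_point(FILE_LIST, fetch(replace={"ca.crl": b"older CRL"})))
    print(check_publication_point(None, fetch()))
```

As the message notes, a non-empty report shows only that a file is missing or different, not why.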